My web server is (include version): not sure, a server from strato
The operating system my web server runs on is (include version):
CentOS Linux 7.4.1708 (Core)
My hosting provider, if applicable, is: strato
I can login to a root shell on my machine (yes or no, or I don’t know): i don’t know, i use plesk
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Onyx v17.0.17_build1700161028.14 os_CentOS 7
So Plesk said the LetsEnrypt certificate is isntalled, but with 2 warning. The one I posted here and a some one for webmail.
Since the domain appears to be using PowerDNS, my perennial guess for NSEC errors I don’t understand is that the DNS admin should try running “pdnsutil rectify-zone denhelderactueel.nl” and see if it helps.
(And also make sure PowerDNS is a new enough version, but I don’t think that’s the issue.)
If your DNS admins won’t fix problems, replacing www's A record with a CNAME might help work around it. Or not, I’m not sure.
Disabling DNSSEC would also work around it.
Edit: See? I always say that. @_az linked to me saying it a month ago!
I've asked my domainhoster for help concering the dns-settings. I don't see anything weird with them, but hopefully they will. Is it an option to move the domeinregistration to strato as well, so domeinname and server are wboth ith strato?
Refering to your host removing the complete DS record, so the CAA error won’t persist. It’s not really fixing the CAA error itself, but removing the whole feature in total.
I renewed the certificate and added the www. to it. The only error returned this time had to do with webmail. So both . and www. domain must be ok now.